A Look Back in Review: Analyzing the CentCom Hack

When Twitter and YouTube accounts belonging to the military’s US Central Command were hacked, the Pentagon brass quickly dismissed the hack as nothing more than “cybervandalism,” or a “cyberprank.” However, the opinions of cybersecurity experts vary on the impact of what appeared to be a “trivial hack.” I have compiled views from both sides and provided links to read more.

CentCom Hack Should Be Taken More Seriously:

Damages Through Perception: Writing for the dailysignal.com, James Carafano, an expert in national security and foreign policy challenges, argues that the CentCom attacks need to be taken more seriously. According to Carafano, the focus should not be on the severity of the attack itself but rather the perception of weakness created by the attack. Read his reasons here.

Damages Through Reputation: In a Bloomberg article titled “The CentCom Hack Was No Joke,” the author explains that this type of hacking is an efficient vehicle for damaging reputations, rather than causing any actual damage. Quoting Lance Cottrell, a online privacy specialist and chief scientist at the computer-security firm Ntrepid, the article notes that “[t]he attackers are winning because of the attention they are getting rather than because of any actual damage from the attack . . . the message this sends is that official accounts on non-official platforms are highly vulnerable.” The article goes on to explain the non-obvious ways the hack caused damage, including the potential exposure of malicious software to soldiers’ computers. For the full article, click here.

Damages in Varying Degrees: Peter Brookes wrote an article on the damages caused by the CentCom attack which appeared in the Boston Herald and is now accessible on DailySignal.com. In his article, he reminds his readers that the source of the hack is not entirely clear, adding that a nation-state could have sponsored this attack. Brookes goes on to point out the potential damages of the hack: some personal information of high ranking personnel may have been disclosed, the disruption undoubtedly distracted some element of the command from its duties for a period of time, a misunderstanding of the gravity of the event might prove to be a significant public relations victory for the Islamic State, the created perception of vulnerability might push unsure recruits to join various terrorist groups, and the seeming alarm caused by the hack might encourage more attacks of this kind. Read more on what Brookes describes as a cyber “sting” here.

CentCom Hack is Not a Big Deal:

Hacktivists vs. Nation-States: An article by TechWorld describes the difference between hacktivist and nation-state cyberattacks, and explains why that difference is so important when analyzing these attacks. According to the article, because of these difference we should place our focus on nation-state attacks rather than CentCom style hacks.

No Big Deal, It Happens all the Time: According to Slate.com, hackers try to launch assaults on Defense Department computers and networks hundreds of times a day, and while some are serious: “this one is not.” Comparing the hack to tearing down a poster hung up by CentCom, the article quotes Matthew Devost, president and CEO of cybersecurity firm FusionX LLC, who calls the intrusion “embarrassing” but “harmless.” The Slate.com author agrees, describing the hack as “a harmless nuisance, [and] a distraction from the real set of issues revolving around both cybersecurity and ISIS.” Read the full article here.

DoD: No Effect on Social Media Policy: Defense Department officials have no plans to reevaluate policy on the use of social media, according to a DoD spokesperson quoted by C4IRSnet.com. Other than changing passwords, no real strategic considerations were considered. The article quotes Jack Holt, a former DoD senior strategist for emerging media who now runs his own communications consultancy: “The true point of this is not much more than somebody basically interrupting a conversation.” To read more on the reasons behind the continued policy, read the full article here.

Finally, for those looking for an article that falls somewhere in between the two views, click here for Mashable’s report titled: “The CentCom hack wasn’t a big deal, but don’t scoff at ISIS hackers just yet.”

Professor William Snyder

Ryan D. White

Ryan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic.

Christopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law.

Anna Maria Castillo

is 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review.

Jennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.)